Internet Security Systems

According to a 2002 survey by the FBI, "the threat from computer crime and other information security breaches continues unabated and...the financial toll is mounting." Some disturbing statistics include:

* 90 percent of those responding had at least one security problem.

* 85 percent had detected viruses on their computers.

* 80 percent said that they had lost money due to a security problem.

* 75 percent reported frequent online attacks.

Financial losses from Internet security problems continue to grow. At least 20% of organizations reported losses from online theft of private information in 2002. The average size of those losses was over $6.5 million, which was seven times as much as in 1997. Some of the increase is attributed to better reporting and more awareness of the problem, but much of the increase is due to increasing sophistication and persistence of online attackers (Kent & Piscitello 49).

Threats to Internet security used to take the form of viruses, worms, and malicious code designed to make a system unstable, or delete certain files. These unwelcome intruders even often announced their arrival with an announcement on the screen or some other visual disturbance that signaled a problem to the user. In contrast, security threats today are much more sophisticated, and are often undetectable. Rather than simply wanting to cause trouble and inconvenience for a user, these threats have the purpose of stealing confidential information from the target computer, including things like passwords, keys for reading encrypted messages, or even recording keystrokes (Martin 18).

Known commonly as spyware, these programs often are used to track the Web sites that a user visits, so as to gather marketing information. But there is less benign spyware that is able to change browser settings, scan files on a hard drive, or install programs without the user knowing. A user may unwittingly download a spyware program along with games, media players, peer-to-peer programs, or other utilities. In some cases, the user unknowingly agrees to the spyware installation by clicking "yes" to a user agreement without reading it through first.

Spyware consumes memory and processing resources, invades privacy, and can promote system instability. It is often difficult to remove once installed on a computer. Ways to reduce the risk from spyware include updating security policies to allow only trusted software for download, and investigating the source of any program before downloading it, to make sure it is reputable. New versions of anti-virus software often include spyware detection capabilities. Also, watch for unwanted ActiveX controls and cookies that have been installed on a PC (Martin 18).

A study by Ohio State University compares the Internet to the nation's air traffic control system, and a terrorist attack or other disaster could disrupt the network much the way that a severe storm can shut down an airport, with a ripple effect spreading across the whole air traffic system. Researchers conducted experiments in which they modeled what would happen if one or more of the Internet's major nodes were disrupted. The study showed that larger cities would continue to functioning online access, although at a lower functioning level. However, smaller cities that are spokes on the hubs would likely be completely disconnected from the network. This is due to the hub-and-spoke network architecture that has been commonly adapted by the major commercial Internet Service Providers. A glimpse of this type of scenario was provided with the September 11, 2001, terrorist attack in New York City, where one major telecommunication hub was located in the World Trade Center, and the loss of that hub disconnected three counties from the state of New York's computer system. In addition, several major Internet services and e-business providers were left without service for nearly two days ("Current Internet Model," 11).

Increasingly, attacks such as the Bugbear worm are designed to search for and withdraw confidential information as well as log a user's keystrokes on a computer. These programs often compromise network security by installing backdoors, which allows

...